If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Just a thought: Could you possible boot to Knoppix or SLAX or some sort of other live distro, open the file using open office which is built into knoppix std i know and maybe some of the other ones, then save it as something else on a floppy or on a *nix partition? Or would the encryption still screw it over?

The file is encrypted, you can't get at it unless you decrypt it first. As of now, biblio.doc (the file) Is just a ton of meaningless data with a .doc extension. It would have to be decrypted for a boot disk to transfer it into meaningful data.

Well just to confirm what jinxy said, I'm sorry to say but basically... your screwed!

... unless ...

The only way to recover that data would be to have a backup of your private key which is/was located in your user profile (\Documents and Settings\username\Application Data\Microsoft\Crypto\RSA ) or that of a user designed as recovery agent. If by any chance you do have a backup of your old user profile, then you're probably in luck: check http://www.microsoft.com/technet/com.../5min-401.mspx for more instructions to restoring the keys and recovering your documents...

And btw, linux boot disks and other usual tricks for bypassing NTFS restrictions will not help in this case; EFS was designed precisely to protect against these types of "attacks" (although there are weaknesses making it possible to access the user keys if not using password protected syskey or syskey on a floppy, but this doesn't apply here: nobody has the keys period!).

Oh, and there are no cracks to decrypt EFS encrypted files themselves: on Win XP, the default cipher is DESX optionnaly 3DES, and with SP1, it's now 256bits AES. So good luck bruteforcing that...

I have not found a solution yet but i thought i would post this as it contains some good info on how EFS works:

Before considering EFS hacks you should have a basic understanding of how it works. EFS is only available when using the NTFS file system on a Windows 2000 or Windows XP Professional computer. Operations are slightly different if the Windows 2000 computer is joined in a Windows 2000 domain, if XP is the operating system, and whether certificates have been issued via a certificate authority, or via the built in self-signed certificate mechanism. When a Windows user wishes to encrypt a file he has only to select ‘encrypt’ from the advanced button on the file properties page, or save the file in a folder that has been previously marked for encryption. Thereafter, encryption and decryption is transparent to the user. The file is decrypted when opened and encrypted when saved. Should another user of the file system attempt to open the file, access is denied.

I don't ever remember turning on efs encryption on the drive. What's even weirder is the randomness of the files that are encrypted. I had my whole site on that drive, and in each folder, a few files have been encrypted, the rest haven't been encrypted and I can still access.

Weird huh? Anyways...

Time to type up a new bibliography. Thanks for the sandwich galdron (mmmmm md5...).

EFS has a weakness that windows use to store the key INTO the file system. If you cant remember that you encripted the files, probably you didnt export the key (that is a good pratice) and remove it from disk. Therefore, key is still there. So you can use a commercial tool to crack it.
here is an example http://www.elcomsoft.com/aefsdr.html?from=passcr
(I never used a tool like that.....)
EFS is near unbreakable if you didnt store keys on encripted disks. AND its create do be that.